Research Papers

Evolving to Security Decision Support

By Mike Rothman

Not that it was ever really easy, but at least you used to know what tactics adversaries were using, and had a general idea of where they would end up, because you knew where your important data was, and which (single) type of device normally accessed it: the PC. It’s hard to believe we now long for the days of early PCs and centralized data repositories. Given the changes in the attack surface and capabilities of adversaries, you need a better way to assess your organization’s security posture, detect attacks, and determine applicable methods to work around and eventually remediate exposures in your environment.

We believe that way is called Security Decision Support. It starts with enterprise visibility, so you know which of your assets are where and what potential attacks they may see. Then you apply more rigorous analytics to the security data you collect to understand what’s happening right now. Finally you integrate your knowledge of your technology environment, what attackers are doing in the wild, and telemetry from your organization, to consistently and predictably make decisions about what needs to get done.

What you need is a better way to assess your organizational security posture, determine when you are under attack, and figure out how to make the pain stop. This requires a combination of technology, process changes, and clear understanding of how your technology infrastructure is evolving.

This paper delves into these concepts to show how to gain both visibility and context – so you can understand both what you have to do and why. Security Decision Support enables you to prioritize the thousands of things you can do, enabling you to zero in on the few you must.

We’d like to thank Tenable for licensing this content. The support of forward-thinking companies who use our content to educate their communities enables us to write what you need to read. As always, our research is done using our Totally Transparent research methodology. This allows us to do impactful research while protecting our integrity.

About

Securosis is an information security research and advisory firm dedicated to transparency, objectivity, and quality. We are totally obsessed with improving the practice of information security. Our job is to save you money and help you do your job better and faster by helping you cut through the noise and providing clear, actionable, pragmatic advice on securing your organization.